General
-
Target
311718335437b77a728b4b4bb7b1c46129fdbcb78012a4a6698b59b2d23d9713
-
Size
394KB
-
Sample
240427-fylwwacf7t
-
MD5
41a7a009bd832a0d930d20b0ccfac2a1
-
SHA1
e625c2c506cc58fd0b6fb74475f96aa586ad8ef5
-
SHA256
311718335437b77a728b4b4bb7b1c46129fdbcb78012a4a6698b59b2d23d9713
-
SHA512
53e504051f17d365fefaa089d6521a697d890be98850fdcad18484b8cd75b7e2d02f8f563b451b7372b911ca0fbe4e670e90c4bdcb2c03f1ec82567db322ab50
-
SSDEEP
6144:fsJVip+l5fK53hCfPr+ICF1ggQyGiezkMza:fszip+7K52P/+tQdq
Static task
static1
Behavioral task
behavioral1
Sample
311718335437b77a728b4b4bb7b1c46129fdbcb78012a4a6698b59b2d23d9713.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
stealc
http://185.172.128.111
-
url_path
/f993692117a3fda2.php
Targets
SectopRAT payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-